Search

Found 21,056 results in 5629ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-49771 unknown 2y ago MPXJ has a Potential Path Traversal Vulnerability
CVE-2024-49760 unknown FIX debian debian 2y ago OpenRefine has a path traversal in LoadLanguageCommand
CVE-2024-47883 unknown FIX debian debian 2y ago Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
CVE-2024-47882 unknown FIX debian debian 2y ago OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
CVE-2024-47881 unknown FIX debian debian 2y ago OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
CVE-2024-47880 unknown FIX debian debian 2y ago OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
CVE-2024-47879 unknown FIX debian debian 2y ago OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
CVE-2024-47878 unknown FIX debian debian 2y ago OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
CVE-2024-45031 unknown 2y ago Apache Syncope: Stored XSS in Console and Enduser
CVE-2024-37383 unknown 2.5 KEVEXPFIX debian debian 2y ago RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.
CVE-2024-20481 unknown 1.5 KEV 2y ago Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote att…
CVE-2024-47575 unknown 2.5 KEVEXP 2y ago Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted re…
CVE-2024-8980 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
CVE-2024-38002 unknown 2y ago Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
CVE-2024-26273 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
CVE-2024-26272 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
CVE-2024-26271 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
CVE-2024-38094 unknown 1.5 KEV 2y ago Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
CVE-2024-9537 unknown 1.5 KEV 2y ago ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.
CVE-2024-38820 unknown debian debian 2y ago Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-49580 unknown 2y ago JetBrains Ktor information disclosure
CVE-2024-40711 unknown 1.5 KEV 2y ago Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
CVE-2024-45217 unknown FIX debian debian 2y ago Insecure Default Initialization of Resource vulnerability in Apache Solr
CVE-2024-45216 unknown FIX debian debian 2y ago Improper Authentication vulnerability in Apache Solr
CVE-2024-47874 unknown FIX slesdebian debian 2y ago Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buff…
CVE-2024-47876 unknown 2y ago SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
CVE-2024-30088 unknown 1.5 KEV 2y ago Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.
CVE-2024-28987 unknown 2.5 KEVEXP 2y ago SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.
CVE-2024-6763 unknown debian debian sles 2y ago Eclipse Jetty URI parsing of invalid authority
CVE-2024-8184 unknown FIX debian debian sles 2y ago Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
CVE-2024-6762 unknown FIX debian debian sles 2y ago Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
CVE-2024-7318 unknown 2y ago Keycloak's One Time Passcode (OTP) is valid longer than expiration time
CVE-2024-7341 unknown 2y ago Keycloak has session fixation in Elytron SAML adapters
CVE-2024-8883 unknown 2y ago Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
CVE-2024-8698 unknown 2y ago Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
CVE-2023-50780 unknown 2y ago Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
CVE-2024-9823 unknown FIX debian debian sles 2y ago Eclipse Jetty has a denial of service vulnerability on DosFilter
CVE-2023-25581 unknown 2y ago pac4j-core affected by a Java deserialization vulnerability
CVE-2024-21534 unknown 2y ago JSONPath Plus Remote Code Execution (RCE) Vulnerability
CVE-2024-4658 unknown 2y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0.
CVE-2024-9286 unknown 2y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue …
CVE-2024-28168 unknown FIX debian debian sles 2y ago Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
CVE-2024-9380 unknown 1.5 KEV 2y ago Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass …
CVE-2024-9379 unknown 1.5 KEV 2y ago Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to r…
CVE-2024-23113 unknown 1.5 KEV 2y ago Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted r…
CVE-2024-9622 unknown 2y ago HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
CVE-2024-9621 unknown 2y ago Quarkus CXF logs passwords and other secrets
CVE-2024-45231 unknown FIX slesdebian debian 2y ago An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to…
CVE-2024-45230 unknown FIX slesdebian debian 2y ago An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via ve…
CVE-2024-43573 unknown 1.5 KEV 2y ago Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.
CVE-2024-43572 unknown 1.5 KEV 2y ago Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.
CVE-2024-43047 unknown 1.5 KEV 2y ago Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.
CVE-2024-47211 unknown FIX debian debian 2y ago In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when…
CVE-2024-47855 unknown FIX slesdebian debian 2y ago JSON-lib mishandles an unbalanced comment string
CVE-2024-47561 unknown 2y ago Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
CVE-2024-47554 unknown FIX debian debian sles 2y ago Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
CVE-2024-45519 unknown 1.5 KEV 2y ago Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands.
CVE-2024-47807 unknown 2y ago Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
CVE-2024-47806 unknown 2y ago Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
CVE-2024-47805 unknown 2y ago Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
CVE-2024-47804 unknown 2y ago Jenkins item creation restriction bypass vulnerability
CVE-2024-47803 unknown 2y ago Jenkins exposes multi-line secrets through error messages
CVE-2024-29824 unknown 2.5 KEVEXP 2y ago Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.
CVE-2024-47534 unknown FIX debian debian 2y ago go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", th…
CVE-2024-9329 unknown 2y ago Eclipse Glassfish improperly handles http parameters
CVE-2024-45772 unknown sles 2y ago Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
CVE-2023-25280 unknown 1.5 KEV 2y ago D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter t…
CVE-2020-15415 unknown 1.5 KEV 2y ago DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacte…
CVE-2019-0344 unknown 1.5 KEV 2y ago SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.
CVE-2024-3373 unknown 2y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection. This issue affects Website Template: before 1.…
CVE-2024-47197 unknown sles 2y ago Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
CVE-2024-4657 unknown 2y ago Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS. This issue affects BAP Automation: befo…
CVE-2024-23454 unknown 2y ago Apache Hadoop: Temporary File Local Information Disclosure
CVE-2024-39928 unknown 2y ago Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
CVE-2024-38809 unknown debian debian 2y ago Spring Framework DoS via conditional HTTP request
CVE-2024-46985 unknown 2y ago DataEase has an XML External Entity Reference vulnerability
CVE-2024-46997 unknown 2y ago DataEase's H2 datasource has a remote command execution risk
CVE-2024-7835 unknown 2y ago Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exnet Informatics Software Ferry Reservation System allows Reflected XSS. This issue affe…
CVE-2024-7735 unknown 2y ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection. This issue affects Fer…
CVE-2024-46984 unknown 2y ago Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
CVE-2024-46983 unknown 2y ago SOFA Hessian Remote Command Execution (RCE) Vulnerability
CVE-2024-7785 unknown 2y ago Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS). T…
CVE-2024-8963 unknown 1.5 KEV 2y ago Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conju…
CVE-2024-7254 unknown FIX slesdebian debian 2y ago protobuf-java has potential Denial of Service issue
CVE-2023-30464 unknown 2y ago CoreDNS Cache Poisoning via a birthday attack
CVE-2024-6878 unknown 2y ago Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24.
CVE-2024-46979 unknown 2y ago org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
CVE-2024-46978 unknown 2y ago org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
CVE-2024-6406 unknown 2y ago Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affe…
CVE-2022-21445 unknown 1.5 KEV 2y ago Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
CVE-2020-14644 unknown 1.5 KEV 2y ago Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerabi…
CVE-2020-0618 unknown 2.5 KEVEXP 2y ago Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in t…
CVE-2024-4629 unknown 2y ago Keycloak Services has a potential bypass of brute force protection
CVE-2024-45537 unknown 2y ago Apache Druid: Users can provide MySQL JDBC properties not on allow list
CVE-2024-45384 unknown 2y ago druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
CVE-2024-7873 unknown 2y ago Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web…
CVE-2014-0502 unknown 1.5 KEV 2y ago Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2014-0497 unknown 2.5 KEVEXP 2y ago Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
CVE-2013-0648 unknown 1.5 KEV 2y ago Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
CVE-2013-0643 unknown 1.5 KEV 2y ago Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.